Configure security for multiple instances of Rational Team Concert

Get an overview of how to set up multiple IBM® Rational Team Concert™ applications by using IBM® WebSphere® Application Server Network Deployment profiles. This article provides systematic instructions to get an SSL certificate, and then how to install and configure it on each of the application server profiles created on the Version 6.1 or 7.0 of the application server to provide secure access for multiple Rational Team Concert instances.

Share:

Murali Dhandapani (muralindia@in.ibm.com), IT Specialist, IBM

author photoMurali Dhandapani is part of ISL IT (TeamONE) Software Engineering Service team at IBM Software Labs, India. He is an IBM Certified IT Specialist and works as a technical lead for Rational Jazz products infrastructure deployment. Murali has a master’s degree in computer science, and he is an IBM Certified Specialist in System p administration and an IBM eServer Certified Systems Expert - pSeries HACMP.


developerWorks Contributing author
        level

19 July 2011

Also available in Chinese

Introduction

This article gives an overview of how to set up multiple IBM® Rational Team Concert™ instances using IBM® WebSphere® Application Server Network Deployment ("WebSphere" or "the application server" hereafter), along with detailed steps to install an SSL certificate on each of the profiles created on WebSphere to provide secure access for the Rational Team Concert application. The systematic instructions in this article help you generate a CSR (Certificate Signing Request) to request the SSL certificate and then to install and configure it using either Version 6.1 or 7.0 of the application server.


Prepare for multiple Rational Team Concert deployments

Normally, Rational Team Concert requires the base edition of WebSphere Application Server. But to install multiple Rational Team Concert instances on a single server, you must use WebSphere Application Server Network Deployment. The steps that follow explain how to create multiple WebSphere profiles.

Note:
See Resources for a link to hardware, software, and operating system requirements for Rational Team Concert collaborative management software.

  • Install WebSphere Application Server Network Deployment v6.1 or 7.0 with the required fix pack, according to the Rational Team Concert requirement.
  • Using the Profile Management Tool, create an application server profile.
  1. Move to the ProfileManagement directory:
    cd /opt/IBM/WebSphere/AppServer/bin/ProfileManagement
  2. Run the following command:
    ./pmt.sh
  • Follow the GUI screen and create the Application Server profile.


Tips:

  • Make notes of port numbers assigned while creating multiple profiles. For instance, in the capture shown in Figure 1, port number 9043, administrative console secure port, is used for WebSphere Application Server administration, and port number 9443, HTTPS transport port, is used for Jazz/admin access.
  • Ensure that other services running on the server are not conflicting with the ports used here while creating multiple profiles.
Figure 1. Port Values Assignment view
Shows port details

Configure Rational Team Concert on multiple WebSphere profiles

Install the Rational Team Concert web archive files on all the profiles created on WebSphere Application Server:

While using Rational Team Concert 3.0, these are the context names:

  • /jts for the jts.war file
  • /ccm for ccm.war
  • /clmhelp for clmhelp.war

The following steps are only for Rational Team Concert installation on multiple profiles. Detailed configuration steps are available in the documentation (see Resources for a link).

Set up Rational Team Concert 3.0

  1. Install and configure the ccm.war, jts.war, and clmhelp.war files on the profile.
Figure 2. Enterprise application
image displays the installed applications
  1. Make sure the JAZZ_HOME and log4j.configuration are set with the desired paths in custom properties.
Figure 3. Custom properties
image displays the Rational Team Concert 3.0 custom properties

Note:
The value for JAZZ_HOME and log4j.configuration should be from the same WebSphere profile. Here RTC3_HMEL is the profile name. The subsequent WebSphere profile will have different profile name.


Install the SSL certificate for the WebSphere profiles

Before proceeding for SSL certificate installation, you first need to generate a CSR (Certificate Signing Request) to receive the SSL certificate from the vendor.

Request the SSL certificate

  1. Run the ikeyman.sh script on WebSphere Application Server. It is located in this path on both WebSphere 6.1 and 7.0: /opt/IBM/WebSphere/AppServer/bin
Figure 4. IBM key management
image displays the options in key management
  1. Click the new key database file option, and select the key database type as JKS.
  2. Enter the file name and location (key.jks), and click OK.
  3. At the password prompt, enter the password and click OK.

Important:
This password is essential to install the SSL certificate after receiving the certificate from the vendor.

  1. In the "Key database content" section, select Personal Certificate Requests and click New to display the certificate request window (Figure 5).
Figure 5. WebSphere 6.1, Certificate request, dialog window
Fields for certificate request
Figure 6. WebSphere 7.0, Create New Key and Certificate Request dialog window
Fields for certificate request
  1. Name the Key Label, select 2048 as the Key Size, and choose the signature algorithm from the drop-down menu.
  2. Ensure that the SSL vendor supports the key size and signature algorithm selected.
  3. Enter the common name, such as the server hostname (rtcser1.in.ibm.com).
  4. Complete all of the optional selections.
  5. Browse to enter the name of the file where you want to store the certificate request, with the full path, and click OK.
  6. In response to the message shown in Figure 9, click OK.
  7. Send the certreq.arm file to the SSL vendor to get the SSL certificate.
Figure 7. "…request has been successfully created" confirmation
And reminder to send file to certificate authority

Install the certificate

  1. After receiving the SSL certificate, install the certificate on all of the WebSphere profiles, one by one:
  1. Expand Security.
  2. Click SSL certificate and key management > Key stores and certificates > NodeDefaultKeyStore > Personal certificates.

Figures 8 and Figure 9 display the default certificate from WebSphere 6.1 and WebSphere 7.0, respectively.

Figure 8. WebSphere 6.1 SSL Certificate and Key Management view
The default certificate
Figure 9. WebSphere 7.0 SSL Certificate and Key Management view
The default certificate
  1. Click Import.
  2. Enter the Key file name (see Figures 10, 11, and 12), select the Type, and Key file password, and click Get key File Aliases.

Note:
Key file name is Location + file name, Type is JKS. Password is the password that you entered while creating the Key database file.

Figure 10. WebSphere 6.1 Import certificate from a key file
The fields in the import certificate
Figure 11. WebSphere 7.0 Import certificate from a key file or key store
The fields in import certificate
Figure 12. Key file details
image displays the entered details

After clicking the Get Key file aliases button, the key label "sitecert" will be in the drop-down menu of the "Certificate alias to import" field (Figure 13).

  1. Select sitecert, and for "Imported certificate alias," enter a name: rtcwasssl.
  2. Click OK, and save the configuration.
Figure 13. Certificate alias to import
Two fields: alias to import, imported certificate

Update and test your configuration

After successfully importing the new SSL certificate, both the default and the new SSL certificate will be available in personal certificates.

Figure 14. SSL certificates view, updated
Table shows both default and new one
  1. Delete the default certificate, and save the configuration.
  2. Restart the respective WebSphere profiles, and try accessing the Rational Team Concert web link and Rational Team Concert Eclipse client. The newly installed vendor SSL certificate will be protecting the Rational Team Concert application access.
  3. Repeat the steps to install the same SSL certificate on all of the profiles to have secure access for the Rational Team Concert application installed on it.

Summary

This article explained how to configure multiple instances of Rational Team Concert by using WebSphere Application Server Network Deployment profiles. It covered how to generate the CSR and then request an SSL certificate from the SSL vendor, as well as how to install and configure the certificate on all of the profiles created on WebSphere v6.1 and 7.0 for secure Rational Team Concert access.

Resources

Learn

Get products and technologies

Discuss

Comments

developerWorks: Sign in

Required fields are indicated with an asterisk (*).


Need an IBM ID?
Forgot your IBM ID?


Forgot your password?
Change your password

By clicking Submit, you agree to the developerWorks terms of use.

 


The first time you sign into developerWorks, a profile is created for you. Information in your profile (your name, country/region, and company name) is displayed to the public and will accompany any content you post, unless you opt to hide your company name. You may update your IBM account at any time.

All information submitted is secure.

Choose your display name



The first time you sign in to developerWorks, a profile is created for you, so you need to choose a display name. Your display name accompanies the content you post on developerWorks.

Please choose a display name between 3-31 characters. Your display name must be unique in the developerWorks community and should not be your email address for privacy reasons.

Required fields are indicated with an asterisk (*).

(Must be between 3 – 31 characters.)

By clicking Submit, you agree to the developerWorks terms of use.

 


All information submitted is secure.

Dig deeper into Rational software on developerWorks


static.content.url=http://www.ibm.com/developerworks/js/artrating/
SITE_ID=1
Zone=Rational, WebSphere, Security, DevOps
ArticleID=710594
ArticleTitle=Configure security for multiple instances of Rational Team Concert
publish-date=07192011